graylog 安装配置
OS:CentOS7 64 基于Docker的安装
Persist log data
mkdir -p /graylog/config cd /graylog/config wget https://raw.githubusercontent.com/Graylog2/graylog2-images/2.0/docker/config/graylog.conf wget https://raw.githubusercontent.com/Graylog2/graylog2-images/2.0/docker/config/log4j2.xml
docker-compose install graylog
The docker-compose.yml file looks like this:
1.挂载- /etc/localtime:/etc/localtime 容器同步宿主机时间
2.修改GRAYLOG_REST_TRANSPORT_URI 地址为宿主机IP
some-mongo:
image: "mongo:3"
volumes:
- /graylog/data/mongo:/data/db
- /etc/localtime:/etc/localtime
some-elasticsearch:
image: "elasticsearch:2"
command: "elasticsearch -Des.cluster.name='graylog'"
volumes:
- /graylog/data/elasticsearch:/usr/share/elasticsearch/data
- /etc/localtime:/etc/localtime
graylog:
image: graylog2/server
volumes:
- /graylog/data/journal:/usr/share/graylog/data/journal
- /graylog/config:/usr/share/graylog/data/config
- /etc/localtime:/etc/localtime
environment:
GRAYLOG_PASSWORD_SECRET: somepasswordpepper
GRAYLOG_ROOT_PASSWORD_SHA2: 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
GRAYLOG_REST_TRANSPORT_URI: http://127.0.0.1:12900
links:
- some-mongo:mongo
- some-elasticsearch:elasticsearch
ports:
- "9000:9000"
- "12900:12900"
- "12201/udp:12201/udp"
- "1514/udp:1514/udp"
1.docker-compose安装环境,安装pip
install pip
2.安装docker-comopse
pip install -U docker-compose
3.启动docker-compose
docker-compose up
Graylog Collector Sidecar
- 原理图
安装nxlog
1.centos 环境
安装方法参考这里http://blog.csdn.net/iwannarun/article/details/52604646
2.ubuntu 环境
$ sudo dpkg-deb -f nxlog-ce_2.9.1716_ubuntu_1604_amd64.deb Depends
$ sudo apt-get -f -y install
$ sudo /etc/init.d/nxlog stop
$ sudo update-rc.d -f nxlog remove
$ sudo gpasswd -a nxlog adm
3.Windows
安装collector-sidecar
1.centos 环境
2.ubuntu 环境
dpkg -i collector-sidecar_0.0.7-1_amd64.deb
To register and enable a system service use the -service option:
$ sudo graylog-collector-sidecar -service install
$ sudo service collector-sidecar start
3.Windows
nxlog.conf、collector_sidecar.yml 配置
1.nxlog.conf
路径为要监控日志文件路径
graylog server ip
端口可以不用修改
2.collector_sidecar.yml
还要修改server_url :http://graylog server ip:12900
node_id: graylog-collector-sidecar 有多个collect要修改不同名称
graylog web 配置
http://graylog server ip:9000
system/collectors-collectors-manager coonfigures-create coonfigures
Collector xx Configuration - NXLog 配置
Configure NXLog Outputs
Configure NXLog Inputs
日志客户端启动collector-sidecar
/etc/init.d/collector-sidecar start
查看进程
graylog web查看Collectors 是否运行正常
graylog web 设置 日志接收
收集成果展示
DashBoards:可根据检索条件设置饼状图柱状图,便于分析查看
Search : 可根据时间关键字及日志源(Nxlog)所在的服务器进行筛选
总结
graylog非常适合分布式应用的日志收集,将各台服务器的日志收集至同一个地方,利用预设检索场景的dashboards能够对全局达到一目了然的效果,检索信息也十分方便。但需要注意的是日志规范在这里就尤为重要:例如统一的日志的格式能够提升检索速度,生成环境只坚决不打debug级别的日志能有效控制空间占用,毕竟接受的日志数据是持久化在graylog的mongo当中的。